feat(analytics): revamped 3ds auth analytics

[Sanskar2001]

Type of Change

• Bugfix
• New feature
• Enhancement
• Refactoring
• Dependency updates
• Documentation
• CI/CD

Description

Added exemption_requested and exemption_approved fields to the auth_events metrics, extended the auth-analytics API with new filters for 3DS Intelligence, and created a dedicated endpoint to serve SCA-exemption Sankey chart data.

Additional Changes

• This PR modifies the API contract
• This PR modifies the database schema
• This PR modifies application configuration/environment variables

Motivation and Context

How did you test it?

Tested it locally by ingesting some test data in authentications tables in CKH.
CURL for /metrics/auth_events introduced two new fields authentication_exemption_approved_count and authentication_exemption_requested_count here

curl 'http://localhost:8080/analytics/v1/metrics/auth_events' \
  -H 'Accept: */*' \
  -H 'Accept-Language: en-US,en' \
  -H 'Cache-Control: no-cache' \
  -H 'Connection: keep-alive' \
  -H 'Content-Type: application/json' \
  -H 'Cookie: login_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoiY2IzYjdjNGQtYjQ0Mi00ZDk0LWJkMjQtNjk5NjI4ZjQ1MzBkIiwibWVyY2hhbnRfaWQiOiJtZXJjaGFudF8xNzQ4Mjg1ODc1Iiwicm9sZV9pZCI6Im9yZ19hZG1pbiIsImV4cCI6MTc0ODY5NDkwNywib3JnX2lkIjoib3JnX1VBQnlpWmZ4TW44dFpuSnZUemlvIiwicHJvZmlsZV9pZCI6InByb19Pcjh5cmlGYzBPY1pJZHFBOVFVVyIsInRlbmFudF9pZCI6InB1YmxpYyJ9.Bfo6nVoKTUl0I3Bzn2qg-kFxkiU3cWj-gHInHXpHneU' \
  -H 'Origin: http://localhost:9000/' \
  -H 'Pragma: no-cache' \
  -H 'Referer: http://localhost:9000/dashboard/analytics-authentication' \
  -H 'Sec-Fetch-Dest: empty' \
  -H 'Sec-Fetch-Mode: cors' \
  -H 'Sec-Fetch-Site: same-origin' \
  -H 'Sec-GPC: 1' \
  -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36' \
  -H 'X-Merchant-Id: merchant_1748285875' \
  -H 'X-Profile-Id: pro_Or8yriFc0OcZIdqA9QUW' \
  -H 'api-key: hyperswitch' \
  -H 'authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoiY2IzYjdjNGQtYjQ0Mi00ZDk0LWJkMjQtNjk5NjI4ZjQ1MzBkIiwibWVyY2hhbnRfaWQiOiJtZXJjaGFudF8xNzQ4Mjg1ODc1Iiwicm9sZV9pZCI6Im9yZ19hZG1pbiIsImV4cCI6MTc0ODY5NDkwNywib3JnX2lkIjoib3JnX1VBQnlpWmZ4TW44dFpuSnZUemlvIiwicHJvZmlsZV9pZCI6InByb19Pcjh5cmlGYzBPY1pJZHFBOVFVVyIsInRlbmFudF9pZCI6InB1YmxpYyJ9.Bfo6nVoKTUl0I3Bzn2qg-kFxkiU3cWj-gHInHXpHneU' \
  -H 'sec-ch-ua: "Chromium";v="130", "Brave";v="130", "Not?A_Brand";v="99"' \
  -H 'sec-ch-ua-mobile: ?0' \
  -H 'sec-ch-ua-platform: "macOS"' \
  --data-raw '[{"timeRange":{"startTime":"2025-05-22T18:30:00Z","endTime":"2025-05-30T13:10:30Z"},"mode":"ORDER","source":"BATCH","metrics":["authentication_count","authentication_attempt_count","authentication_success_count","challenge_flow_count","frictionless_flow_count","frictionless_success_count","challenge_attempt_count","challenge_success_count"],"delta":true}]'

CURL for /metrics/auth_events/sankey this is required to build an exmemption analytics sankey chart on dashboard

curl 'http://localhost:8080/analytics/v1/metrics/auth_events/sankey' \
  -H 'Accept: */*' \
  -H 'Accept-Language: en-US,en' \
  -H 'Cache-Control: no-cache' \
  -H 'Connection: keep-alive' \
  -H 'Content-Type: application/json' \
  -H 'Cookie: login_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoiY2IzYjdjNGQtYjQ0Mi00ZDk0LWJkMjQtNjk5NjI4ZjQ1MzBkIiwibWVyY2hhbnRfaWQiOiJtZXJjaGFudF8xNzQ4Mjg1ODc1Iiwicm9sZV9pZCI6Im9yZ19hZG1pbiIsImV4cCI6MTc0ODY5NDkwNywib3JnX2lkIjoib3JnX1VBQnlpWmZ4TW44dFpuSnZUemlvIiwicHJvZmlsZV9pZCI6InByb19Pcjh5cmlGYzBPY1pJZHFBOVFVVyIsInRlbmFudF9pZCI6InB1YmxpYyJ9.Bfo6nVoKTUl0I3Bzn2qg-kFxkiU3cWj-gHInHXpHneU' \
  -H 'Origin: http://localhost:9000/' \
  -H 'Pragma: no-cache' \
  -H 'Referer: http://localhost:9000/dashboard/analytics-authentication' \
  -H 'Sec-Fetch-Dest: empty' \
  -H 'Sec-Fetch-Mode: cors' \
  -H 'Sec-Fetch-Site: same-origin' \
  -H 'Sec-GPC: 1' \
  -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36' \
  -H 'X-Merchant-Id: merchant_1748285875' \
  -H 'X-Profile-Id: pro_Or8yriFc0OcZIdqA9QUW' \
  -H 'api-key: hyperswitch' \
  -H 'authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoiY2IzYjdjNGQtYjQ0Mi00ZDk0LWJkMjQtNjk5NjI4ZjQ1MzBkIiwibWVyY2hhbnRfaWQiOiJtZXJjaGFudF8xNzQ4Mjg1ODc1Iiwicm9sZV9pZCI6Im9yZ19hZG1pbiIsImV4cCI6MTc0ODY5NDkwNywib3JnX2lkIjoib3JnX1VBQnlpWmZ4TW44dFpuSnZUemlvIiwicHJvZmlsZV9pZCI6InByb19Pcjh5cmlGYzBPY1pJZHFBOVFVVyIsInRlbmFudF9pZCI6InB1YmxpYyJ9.Bfo6nVoKTUl0I3Bzn2qg-kFxkiU3cWj-gHInHXpHneU' \
  -H 'sec-ch-ua: "Chromium";v="130", "Brave";v="130", "Not?A_Brand";v="99"' \
  -H 'sec-ch-ua-mobile: ?0' \
  -H 'sec-ch-ua-platform: "macOS"' \
  --data-raw '{"startTime": "2025-01-22T18:30:00Z","endTime": "2025-05-29T12:59:33Z"}'

Checklist

• I formatted the code cargo +nightly fmt --all
• I addressed lints thrown by cargo clippy
• I reviewed the submitted code
• I added unit tests for my changes where possible

[semanticdiff-com]

Review changes with  

Changed Files

File	Status
crates/router/src/analytics.rs	3% smaller
crates/api_models/src/analytics/auth_events.rs	2% smaller
crates/analytics/src/auth_events/filters.rs	1% smaller
crates/analytics/src/auth_events.rs	0% smaller
crates/analytics/src/auth_events/accumulator.rs	0% smaller
crates/analytics/src/auth_events/core.rs	0% smaller
crates/analytics/src/auth_events/metrics.rs	0% smaller
crates/analytics/src/auth_events/metrics/authentication_attempt_count.rs	0% smaller
crates/analytics/src/auth_events/metrics/authentication_count.rs	0% smaller
crates/analytics/src/auth_events/metrics/authentication_error_message.rs	0% smaller
crates/analytics/src/auth_events/metrics/authentication_exemption_approved_count.rs	0% smaller
crates/analytics/src/auth_events/metrics/authentication_exemption_requested_count.rs	0% smaller
crates/analytics/src/auth_events/metrics/authentication_funnel.rs	0% smaller
crates/analytics/src/auth_events/metrics/authentication_success_count.rs	0% smaller
crates/analytics/src/auth_events/metrics/challenge_attempt_count.rs	0% smaller
crates/analytics/src/auth_events/metrics/challenge_flow_count.rs	0% smaller
crates/analytics/src/auth_events/metrics/challenge_success_count.rs	0% smaller
crates/analytics/src/auth_events/metrics/frictionless_flow_count.rs	0% smaller
crates/analytics/src/auth_events/metrics/frictionless_success_count.rs	0% smaller
crates/analytics/src/auth_events/sankey.rs	0% smaller
crates/analytics/src/auth_events/types.rs	0% smaller
crates/analytics/src/sqlx.rs	0% smaller
crates/analytics/src/utils.rs	0% smaller

[su-shivanshmathur]

both the metrics authentication_exemption_accepted_count and authentication_exemption_requested_count can be the same, just with the added filter, please make it one and make the filter being added from the API request

[tsdk02]

You can add the new filter fields in AuthEventMetricsBucketIdentifier as well. It will help divide the response data into the appropriate objects in queryData, and uniquely identify each data bucket with the combination of field variants.

Also, with this change, you might need to add these fields in all the metrics queries, can fix the compilation errors as they come.

[tsdk02]

both the metrics authentication_exemption_accepted_count and authentication_exemption_requested_count can be the same, just with the added filter, please make it one and make the filter being added from the API request

I agree.